Basic OSSEC server, webui and agent configuration

From Notes_Wiki
Revision as of 04:20, 22 May 2014 by Saurabh

Configure OSSEC server

To configure the OSSEC server, use the following steps:

  1. Install the build dependencies using 'yum -y install gcc postgresql-devel mysql-devel'
  2. Download the latest OSSEC Server/Agent from http://www.ossec.net
  3. Extract the server code using 'tar xzf ossec-hids-*'
  4. Go to the server code directory using 'cd ossec-hids*'
  5. Install using './install.sh' and accept all the default values suggested. For the installation type, use 'server'.
  6. Check the status using '/var/ossec/bin/ossec-control status'. If OSSEC is not running, start it using '/var/ossec/bin/ossec-control start'


Configure OSSEC Web UI

To configure the OSSEC Web UI, use the following steps:

  1. Install the OSSEC server as described in the previous section.
  2. Download the latest OSSEC Web UI code from http://www.ossec.net
  3. Extract the Web UI code
  4. Rename the extracted folder and move it to '/var/www/html/ossec'
  5. Go to the OSSEC Web UI folder using 'cd /var/www/html/ossec'
  6. Run './setup.sh'
  7. Restart Apache using 'service httpd restart'
  8. Enable Apache to run on start-up using 'chkconfig httpd on'
  9. Access the OSSEC interface at http://<Server-IP>/ossec


Configure OSSEC Agent on Linux machine

To configure an OSSEC agent on a Linux machine, use the same steps as for configuring the OSSEC server. The only difference is the installation type: choose 'agent' instead of 'server'. Also edit '/var/ossec/etc/ossec.conf' and enter the correct IP address of the server.


Add OSSEC agent to OSSEC server

To add an OSSEC agent to the OSSEC server, use the following steps:

  1. On the server, do the following:
    1. Ensure that incoming connections from the agent to UDP port 1514 on the server are allowed.
    2. Run '/var/ossec/bin/manage_agents'
    3. Add the agent and extract its key
    4. Restart OSSEC using '/var/ossec/bin/ossec-control restart'
  2. On the client, do the following:
    1. Run '/var/ossec/bin/manage_agents'
    2. Add the key extracted from the server
    3. Restart the agent on the client using '/var/ossec/bin/ossec-control restart'
  3. Open the Web UI on the server to verify that the agent has connected successfully.
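
A command-line alternative to the Web UI check in the last step, as an added example that is not part of the original wiki page: it parses the output of '/var/ossec/bin/agent_control -l' on the server and reports agents that are not Active. The line format and status strings are assumed from typical agent_control output, and the sample listing (host names, 192.0.2.x addresses) is constructed.

```shell
#!/bin/sh
# Added example: report OSSEC agents the server does not list as Active.
# Assumption: `agent_control -l` prints one line per agent in the form
#   "   ID: 001, Name: web01, IP: 192.0.2.10, Active"
AGENT_CONTROL=/var/ossec/bin/agent_control

# Read an agent listing on stdin and print "id name status" for every agent
# whose status does not start with "Active" (the server itself shows
# "Active/Local" and is therefore skipped).
inactive_agents() {
    awk -F', ' '
        /^ *ID: / {
            id = $1;   sub(/^ *ID: /, "", id)
            name = $2; sub(/^Name: /, "", name)
            status = $NF
            if (status !~ /^Active/) print id, name, status
        }'
}

# Constructed sample of `agent_control -l` output, for trying the parser
# on a machine that has no OSSEC server installed.
sample_listing() {
    cat <<'EOF'
OSSEC HIDS agent_control. List of available agents:
   ID: 000, Name: ossec-server (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: web01, IP: 192.0.2.10, Active
   ID: 002, Name: db01, IP: 192.0.2.11, Disconnected
   ID: 003, Name: app01, IP: 192.0.2.12, Never connected
EOF
}

# Run on the OSSEC server: returns 0 when every agent is Active, 1 when some
# are not (they are listed on stderr), 2 when agent_control is missing.
check_agents() {
    [ -x "$AGENT_CONTROL" ] || { echo "agent_control not found" >&2; return 2; }
    bad=$("$AGENT_CONTROL" -l | inactive_agents)
    [ -z "$bad" ] && return 0
    printf 'Agents not Active:\n%s\n' "$bad" >&2
    return 1
}

# Demonstration on the constructed sample
sample_listing | inactive_agents
```

An agent that still shows "Never connected" after both restarts usually points back to the earlier steps: UDP 1514 blocked between agent and server, a wrong server IP in the agent's ossec.conf, or a key that was not imported on the client.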

